Channels

Services

Piwik 1.5 brings e-commerce analytics, fixes critical hole

Version 1.5 of Piwik is a major update to the open source web analytics suite; it includes several new features and, according to its developers, brings better scalability. The latest release allows users to track custom variables on a per page basis and adds e-commerce analytics so that developers can, for example, track product views when visitors add items to their shopping carts and e-commerce orders.

Piwik 1.5 no longer relies on Flash for drawing graphs – it now includes JavaScript Canvas Charts, which draws graphs using the jqplot library. The developers say that the graphs have "the same look and feel but are using fully open source stack". Other changes include inline help for most reports and the option to upload custom logos which can be displayed in the UI, on the login screen and in email reports. A new privacy plugin has been added that makes it easy to setup IP anonymisation from the Privacy settings page.

The 1.5 update addresses a critical security vulnerability in the software. In non-default configurations where an anonymous user has access to reports, the Piwik server could be compromised and allow the execution of arbitrary code. Neal Poole was awarded $500 for disclosing the bug, as part of the security bug bounty program. According to the developers, the security issue only affects "a minority of Piwik servers". Further details about the security hole were not provided.

More information about the major update can be found in a post on the Piwik blog and in the change log. Piwik 1.5 is available to download (direct download) from the project's site.

Piwik, which aims to be an open source alternative to Google Analytics, is licensed under the GPL. According to the project's site, it is already used by more than 150,000 web sites.